def setup(self):
firstPath = self.preffix + self.testPath + self.suffix
firstResponse = self.requester.request(firstPath)
self.invalidStatus = firstResponse.status
secondPath = self.preffix + RandomUtils.randString(
omit=self.testPath) + self.suffix
secondResponse = self.requester.request(secondPath)
if self.invalidStatus == 404:
# Using the response status code is enough :-}
return
# look for redirects
elif firstResponse.status in self.redirectStatusCodes and firstResponse.redirect and secondResponse.redirect:
self.redirectRegExp = self.generateRedirectRegExp(
firstResponse.redirect, secondResponse.redirect)
# Analyze response bodies
self.dynamicParser = DynamicContentParser(self.requester, firstPath,
firstResponse.body,
secondResponse.body)
baseRatio = float("{0:.2f}".format(
self.dynamicParser.comparisonRatio)) # Rounding to 2 decimals
# If response length is small, adjust ratio
if len(firstResponse) < 2000:
baseRatio -= 0.1
if baseRatio < self.ratio:
self.ratio = baseRatio
def setup(self):
first_path = self.prefix + (self.calibration if self.calibration else
RandomUtils.rand_string()) + self.suffix
first_response = self.requester.request(first_path)
self.invalid_status = first_response.status
if self.invalid_status == 404:
# Using the response status code is enough :-}
return
second_path = self.prefix + (self.calibration if self.calibration else
RandomUtils.rand_string(
omit=first_path)) + self.suffix
second_response = self.requester.request(second_path)
# Look for redirects
if first_response.redirect and second_response.redirect:
self.redirect_reg_exp = self.generate_redirect_reg_exp(
first_response.redirect,
first_path,
second_response.redirect,
second_path,
)
# Analyze response bodies
if first_response.body is not None and second_response.body is not None:
self.dynamic_parser = DynamicContentParser(self.requester,
first_path,
first_response.body,
second_response.body)
else:
self.dynamic_parser = None
self.ratio = float("{0:.2f}".format(
self.dynamic_parser.comparisonRatio)) # Rounding to 2 decimals
# The wildcard response is static
if self.ratio == 1:
pass
# Adjusting ratio based on response length
elif len(first_response) < 100:
self.ratio -= 0.1
elif len(first_response) < 500:
self.ratio -= 0.05
elif len(first_response) < 2000:
self.ratio -= 0.02
else:
self.ratio -= 0.01
# If the path is reflected in response, decrease the ratio. Because
# the difference between path lengths can reduce the similarity ratio
if first_path in first_response.body.decode(
) and len(first_response) < 100000:
self.ratio -= 0.1
def setup(self):
for path in self.testPath:
firstPath = RandomUtils.randString() + '/' + path + self.suffix
firstResponse = self.requester.request(firstPath)
if firstResponse.status not in self.invalidStatus:
self.invalidStatus.append(firstResponse.status)
if firstResponse.status == 404:
# Using the response status code is enough :-}
continue
# look for redirects
secondPath = RandomUtils.randString() + '/' + path + self.suffix
secondResponse = self.requester.request(secondPath)
if firstResponse.status in self.redirectStatusCodes and firstResponse.redirect and secondResponse.redirect:
self.redirectRegExp.append(
self.generateRedirectRegExp(firstResponse.redirect,
secondResponse.redirect))
# Analyze response bodies
dynamicParser = DynamicContentParser(self.requester, firstPath,
firstResponse.body,
secondResponse.body)
baseRatio = float("{0:.2f}".format(
dynamicParser.comparisonRatio)) # Rounding to 2 decimals
ratio = self.ratio
# If response length is small, adjust ratio
if len(firstResponse) < 2000:
baseRatio -= 0.1
if baseRatio < self.ratio:
ratio = baseRatio
if self.dynamicParser:
flag = 0
for _dynamicParser, __ in self.dynamicParser:
_ratio = dynamicParser.compareTo(_dynamicParser.cleanPage)
flag += _ratio > ratio
if not flag:
self.dynamicParser.append((dynamicParser, ratio))
else:
self.dynamicParser.append((dynamicParser, ratio))
def setup(self):
first_path = self.prefix + (
self.calibration if self.calibration else RandomUtils.rand_string()
) + self.suffix
first_response = self.requester.request(first_path)
self.invalid_status = first_response.status
if self.invalid_status == 404:
# Using the response status code is enough :-}
return
second_path = self.prefix + (
self.calibration if self.calibration else RandomUtils.rand_string(omit=first_path)
) + self.suffix
second_response = self.requester.request(second_path)
# Look for redirects
if first_response.redirect and second_response.redirect:
self.redirect_reg_exp = self.generate_redirect_reg_exp(
first_response.redirect, first_path,
second_response.redirect, second_path,
)
# Analyze response bodies
if first_response.body is not None and second_response.body is not None:
self.dynamic_parser = DynamicContentParser(
self.requester, first_path, first_response.body, second_response.body
)
else:
self.dynamic_parser = None
base_ratio = float(
"{0:.2f}".format(self.dynamic_parser.comparisonRatio)
) # Rounding to 2 decimals
# If response length is small, adjust ratio
if len(first_response) < 500:
base_ratio -= 0.15
elif len(first_response) < 2000:
base_ratio -= 0.1
if base_ratio < self.ratio:
self.ratio = base_ratio
def setup(self):
first_path = self.prefix + (self.calibration if self.calibration else
rand_string()) + self.suffix
first_response = self.requester.request(first_path)
self.response = first_response
if self.response.status == 404:
# Using the response status code is enough :-}
return
duplicate = self.duplicate(first_response)
if duplicate:
# Another test had been performed and shows the same response as this
self.ratio = duplicate.ratio
self.dynamic_parser = duplicate.dynamic_parser
self.redirect_parser = duplicate.redirect_parser
self.sign = duplicate.sign
return
second_path = self.prefix + (self.calibration
if self.calibration else rand_string(
omit=first_path)) + self.suffix
second_response = self.requester.request(second_path)
if first_response.redirect and second_response.redirect:
self.generate_redirect_reg_exp(
first_response.redirect,
first_path,
second_response.redirect,
second_path,
)
# Analyze response bodies
if first_response.body is not None and second_response.body is not None:
self.dynamic_parser = DynamicContentParser(self.requester,
first_path,
first_response.body,
second_response.body)
else:
self.dynamic_parser = None
self.ratio = float("{0:.2f}".format(
self.dynamic_parser.comparisonRatio)) # Rounding to 2 decimals
# The wildcard response is static
if self.ratio == 1:
pass
# Adjusting ratio based on response length
elif len(first_response) < 100:
self.ratio -= 0.1
elif len(first_response) < 500:
self.ratio -= 0.05
elif len(first_response) < 2000:
self.ratio -= 0.02
else:
self.ratio -= 0.01
"""
If the path is reflected in response, decrease the ratio. Because
the difference between path lengths can reduce the similarity ratio
"""
if first_path in first_response.body.decode():
if len(first_response) < 200:
self.ratio -= 0.15 + 15 / len(first_response)
elif len(first_response) < 800:
self.ratio -= 0.06 + 30 / len(first_response)
elif len(first_response) < 5000:
self.ratio -= 0.03 + 80 / len(first_response)
elif len(first_response) < 20000:
self.ratio -= 0.02 + 200 / len(first_response)
else:
self.ratio -= 0.01
def setup(self):
if self.path is None or self.path is '':
self.path = self.getRandomPath()
firstpath_php = self.path + '.' + self.suffix[0]
res1_php = self.requester.request(firstpath_php, True)
secondpath_php = self.getRandomPath() + '.' + self.suffix[0]
res2_php = self.requester.request(secondpath_php, True)
firstpath_jsp = self.path + '.' + self.suffix[1]
res1_jsp = self.requester.request(firstpath_jsp, True)
secondpath_jsp = self.getRandomPath() + '.' + self.suffix[1]
res2_jsp = self.requester.request(secondpath_jsp, True)
firstpath_asp = self.path + '.' + self.suffix[2]
res1_asp = self.requester.request(firstpath_asp, True)
secondpath_asp = self.getRandomPath() + '.' + self.suffix[2]
res2_asp = self.requester.request(secondpath_asp, True)
if res1_asp.status_code == 404 and res1_php.status_code == 404 and res1_jsp.status_code == 404:
self.flag = True
else:
if self.getHistory(
str(res1_php.history
)) in self.redirection_code and self.getHistory(
str(res2_php.history)) in self.redirection_code:
regExp = self.generateRedirectRegExp(res1_php.url,
res2_php.url)
self.redirection_regexp.append(
regExp) if regExp not in self.redirection_regexp else 0
if self.getHistory(
str(res1_jsp.history
)) in self.redirection_code and self.getHistory(
str(res2_jsp.history)) in self.redirection_code:
regExp = self.generateRedirectRegExp(res1_jsp.url,
res2_jsp.url)
self.redirection_regexp.append(
regExp) if regExp not in self.redirection_regexp else 0
if self.getHistory(
str(res1_asp.history
)) in self.redirection_code and self.getHistory(
str(res2_asp.history)) in self.redirection_code:
regExp = self.generateRedirectRegExp(res1_asp.url,
res2_asp.url)
self.redirection_regexp.append(
regExp) if regExp not in self.redirection_regexp else 0
if res1_asp.status_code == 404 and res1_php.status_code == 404 and res1_jsp.status_code == 404:
self.flag = True
self.dynamic_php = DynamicContentParser(self.requester,
firstpath_php,
res1_php.text,
res2_php.text)
if self.dynamic_php is not None:
ratio = float('{0:.2f}'.format(
self.dynamic_php.comparisonRatio))
if self.base_ratio > ratio:
self.base_ratio = ratio
self.dynamic_jsp = DynamicContentParser(self.requester,
firstpath_jsp,
res1_jsp.text,
res2_jsp.text)
if self.dynamic_jsp is not None:
ratio = float('{0:.2f}'.format(
self.dynamic_jsp.comparisonRatio))
if self.base_ratio > ratio:
self.base_ratio = ratio
self.dynamic_asp = DynamicContentParser(self.requester,
firstpath_asp,
res1_asp.text,
res2_asp.text)
if self.dynamic_asp is not None:
ratio = float('{0:.2f}'.format(
self.dynamic_asp.comparisonRatio))
if self.base_ratio > ratio:
self.base_ratio = ratio
